Black Hat 2010: Study tests SSL protocol use, finds SSL errors

    Date14 Jul 2010
    Posted ByAnthony Pell
    Ivan Ristic has been quietly weeding through millions of registered domain names to find and test SSL protocol implementations. Ristic, director of engineering at Redwood Shores, Calif.-based Qualys Inc., runs SSL Labs, a non-commercial research effort that was acquired by Qualys last year. The site uses an SSL testing tool to check for configuration issues and protocol errors that can be used by cybercriminals in man-in-the-middle attacks to trick people into giving up sensitive data.

    "We're trying to find as many SSL servers on the Internet and assess every single one of them," Ristic said. "The goal is to really understand how SSL is used. We need to know if we're secure and if there are insecure aspects, we need to know what they are and what we can do to fix them."

    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.